ChoicePoint Inc. and LexisNexis may face withering criticism for not keeping identity thieves out of their massive databases, but information brokers are far from the only sources of the Social Security numbers, addresses and other tidbits that fuel the fast-growing brand of fraud.
Just ask Brielle LaCosta, whose personal data was stolen when she responded to a seemingly official e-mail purportedly from online auctioneer EBay Inc.
Within a few days of filling out the online forms, a car she had put up for auction had been sold out from under her and someone had run up $12,000 in charges on her credit card.
Despite high-profile security breaches at big data aggregators like ChoicePoint and LexisNexis, online attacks, inside jobs and old-fashioned burglaries provide crooks the bulk of the personal data they need to open fake credit-card and other accounts.
Among thieves' weapons of choice are so-called "phishing" attacks like the one that snared LaCosta, in which e-mailers pretend to be from a bank or other commerce site and refer people to sites that look official, and the use of spyware that surreptitiously logs account passwords as victims type.
To be sure, identity theft is nothing new and plenty of information is swiped through tried-and-true methods that originated long before the rise of the Internet or data miners like ChoicePoint and LexisNexis.
"The biggest problem is the workplace, and the biggest problem in the workplace is there's a lack of personnel security," Collins said.
Mark Nichols, a consignment store owner in Crosby, N.D., had been planning to update his credit-card information on his EBay account when an e-mail told him his account had been suspended.
Visa USA, banker Wells Fargo & Co. and online payment firm CheckFree Corp., all of which profit from Internet banking, paid for one report on the topic that was released this year.